Before you hack into a system, you must decide what your goals are. Are you hacking to take the system down, gain sensitive data, break into the system and take 'root' access, wreck the system by formatting everything on it, discover vulnerabilities and see how you can exploit them, etc.? The point is that you have to decide what the goal is first. The most common goals are:
1. Breaking into the system and taking admin privileges.
2. Gaining sensitive data, such as credit card numbers or identity-theft material (not recommended).
You should have all of your tools ready before you start the next steps too. There is a Linux distribution called BackTrack: an operating system that comes with various security tools that will help you break into systems. You must decide how you are going to achieve your task. Plan. There is a common methodology followed by hackers, which I will mention below. However, you can create your own methodology if you know what you are doing. Common steps to be taken for hacking a system:
1. Reconnaissance (footprinting)
3. Ports & Services Enumeration
4. Vulnerability Assessment
5. Vulnerability Exploitation
6. Penetration and Access
7. Privilege Escalation & owning the box
8. Erase tracks
9. Maintaining access
The above methodology can change based on your goals.
Before you break into a system, you have to collect as much information as you can on the system and the target. You have to study your target well before you hack. This step is called reconnaissance. Reconnaissance is achieved using techniques and tools that are undetectable by the target. You gather information about your target that is publicly published; for example, if you browse your target's website and find that they are hiring an SQL developer and a Windows Server administrator, you get a hint that they run Windows Server and SQL databases. This is called a "passive" action.
Let's look at examples of active action: calling the company to obtain some information, visiting the company, emailing employees to get information, or going to the target's website and reading its source code. In other words, passive action means you gather information in a non-intrusive manner. Active action goes a step further, such as talking to the company as if you were a customer. It is not really important to know which action is passive and which is active; the main goal here is to gather information. Simple, huh? Good, let me go a little deeper.
In passive reconnaissance there is a 0% chance of getting caught, as you only target publicly available information to get a feel for what your target looks like. The types of information you can gather through passive recon include names, phone numbers, location addresses, partner networks, and much more. This can aid you when you want to do some social engineering! Hence, sometimes non-public information is revealed when you do passive reconnaissance. There are several tools that help with passive reconnaissance, such as WhoIs. WhoIs helps you obtain extensive information, such as names and the domains of the target. Other great tools are Sam Spade, DomainTools, and Google (which can reveal many of the target's subdomains and much more).
Active reconnaissance goes beyond the passive approach: it involves communicating with the target, such as by scanning, while trying not to get caught. Anything that can be detected by an IDS (Intrusion Detection System) is considered active. You have to think of ways to extract info of the...
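The distinction above matters from the defender's side as well: passive reconnaissance leaves nothing in the target's logs, while active reconnaissance such as a port scan produces a very recognisable pattern that an IDS or a simple log analyser can pick out. The following Python script is an added example written for this page, not part of the original tutorial, and it runs over a constructed set of firewall-style connection log lines (the IP addresses and timestamps are invented for illustration). It flags any source that touches many distinct ports on one host within a short time window, which is the basic logic behind port-scan detection in an IDS; ordinary user traffic in the same sample is left alone.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (invented for this example, not from a real system).
# Format: timestamp  source-IP  destination-IP  destination-port  action
SAMPLE_LOG = """\
2024-01-15T10:00:01 198.51.100.7 203.0.113.10 22 DENY
2024-01-15T10:00:01 198.51.100.7 203.0.113.10 23 DENY
2024-01-15T10:00:02 198.51.100.7 203.0.113.10 25 DENY
2024-01-15T10:00:02 198.51.100.7 203.0.113.10 80 ALLOW
2024-01-15T10:00:03 198.51.100.7 203.0.113.10 110 DENY
2024-01-15T10:00:03 198.51.100.7 203.0.113.10 143 DENY
2024-01-15T10:00:04 198.51.100.7 203.0.113.10 443 ALLOW
2024-01-15T10:00:04 198.51.100.7 203.0.113.10 445 DENY
2024-01-15T10:00:05 198.51.100.7 203.0.113.10 3306 DENY
2024-01-15T10:00:05 198.51.100.7 203.0.113.10 3389 DENY
2024-01-15T10:00:05 198.51.100.7 203.0.113.10 8080 DENY
2024-01-15T10:00:06 198.51.100.7 203.0.113.10 8443 DENY
2024-01-15T10:00:10 192.0.2.44 203.0.113.10 443 ALLOW
2024-01-15T10:00:15 192.0.2.44 203.0.113.10 443 ALLOW
2024-01-15T10:05:00 192.0.2.44 203.0.113.10 80 ALLOW
"""


def parse_log(text):
    """Parse the whitespace-separated log format into (timestamp, src, dst, port, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return events


def detect_port_scans(events, window=timedelta(seconds=60), threshold=10):
    """Return {(src, dst): sorted ports} for every source that reached at least
    `threshold` distinct ports on one destination within any `window`-long span.

    The action column is deliberately ignored: a scan shows up as a burst of
    distinct ports whether the firewall allowed or denied the connections.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, _action in events:
        by_pair[(src, dst)].append((ts, port))

    alerts = {}
    for pair, hits in by_pair.items():
        hits.sort()  # order by time so a sliding window can be applied
        best = set()
        start = 0
        for end in range(len(hits)):
            # advance the window start until the span fits inside `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold and len(ports) > len(best):
                best = ports
        if best:
            alerts[pair] = sorted(best)
    return alerts


def scan_summary(text):
    """Convenience wrapper: parse the log and return the alerts dictionary."""
    return detect_port_scans(parse_log(text))


if __name__ == "__main__":
    for (src, dst), ports in scan_summary(SAMPLE_LOG).items():
        print(f"possible port scan from {src} against {dst}: {len(ports)} ports {ports}")
```

Running the script flags 198.51.100.7, which hit 12 distinct ports on 203.0.113.10 inside six seconds, and stays silent about 192.0.2.44, whose three connections go to only two ports. The window and threshold are the knobs a defender tunes: a slower scan spread over hours evades this particular rule, which is exactly why real IDS deployments combine several such heuristics and longer-term baselines.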